fkie_nvd - fkie_cve-2024-36353

fkie_cve-2024-36353

Vulnerability from fkie_nvd

Published

2025-03-02 18:15

Modified

2025-09-25 20:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

References

▼	URL	Tags
	psirt@amd.com	https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
    },
    {
      "lang": "es",
      "value": "Una depuraci\u00f3n insuficiente de la memoria global de la GPU podr\u00eda permitir que un proceso malicioso que se ejecuta en la misma GPU lea valores de memoria restantes, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad."
    }
  ],
  "id": "CVE-2024-36353",
  "lastModified": "2025-09-25T20:15:33.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "psirt@amd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-02T18:15:34.033",
  "references": [
    {
      "source": "psirt@amd.com",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "psirt@amd.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-36353 (GCVE-0-2024-36353)

Vulnerability from cvelistv5

Published

2025-03-02 17:33

Modified

2025-09-25 19:24

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-459 - Incomplete Cleanup

Summary

Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.

References

▼	URL	Tags
	https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html

Impacted products

Vendor

Product

Version

▼

AMD

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

	AMD	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
	AMD	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7000 Series Desktop Processor
	AMD	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 9000HX Series Processors
	AMD	AMD Ryzen™ AI Max 300 Series Processors
	AMD	AMD Ryzen™ Z2 Series Processors Extreme
	AMD	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 4000 Series Desktop Processors
	AMD	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
	AMD	AMD Ryzen™ 8000 Series Desktop Processors
	AMD	AMD Ryzen™ 9000 Series Desktop Processors
	AMD	Ryzen™ Embedded R1000
	AMD	Ryzen™ Embedded R2000
	AMD	AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge")
	AMD	Ryzen™ Embedded V2000
	AMD	Ryzen™ Embedded V3000
	AMD	AMD Ryzen Embedded V2000A Series Processors
	AMD	AMD Radeon™ RX 5000/PRO W5000 Series Graphics Products
	AMD	AMD Radeon™ RX6000/PRO W6000 Series Graphics Products
	AMD	AMD Radeon™ RX 7000/PRO W7000 Series Graphics Products
	AMD	AMD Radeon™ PRO V520
	AMD	AMD Radeon™ PRO V620
	AMD	AMD Radeon™ PRO V710

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T15:49:49.731257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T15:50:05.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Z2 Series Processors Extreme",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen Embedded V2000A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Kernel 6.12.25 LTS"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 5000/PRO W5000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX6000/PRO W6000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 7000/PRO W7000 Series Graphics Products",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Radeon Software For Linux 25.10.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V520",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V620",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO V710",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Contact your AMD Customer Engineering representative"
            }
          ]
        }
      ],
      "datePublic": "2025-09-25T19:03:13.393Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.\u003cbr\u003e"
            }
          ],
          "value": "Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459  Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T19:24:49.891Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6019.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36353",
    "datePublished": "2025-03-02T17:33:11.636Z",
    "dateReserved": "2024-05-23T19:44:50.000Z",
    "dateUpdated": "2025-09-25T19:24:49.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted